By default, the DefaultAuthenticationManager is configured in the deployerConfigContext.xml. It allows you to configure lists of AuthenticationHandlers, CredentialsToPrincipalResolvers and AuthenticationMetaDataAttributePopulators.
It requires no correlation between AuthenticationHandlers and CredentialsToPrincipalResolvers. It automatically determines which handler and resolver to use based on the provided credentials. Its easier to configure and the most flexible. However, its algorithm is obviously slower than a Manager that provides a direct mapping between credentials and AuthenticationHandlers/CredentialsToPrincipalResolver.